IBM Support

Not able to import .PFX on WebSphere Application Server

Question & Answer


Question

How do I import the certificate from .PFX file into WebSphere Application Server?

Cause

WebSphere Application Server provides an SDK with limited policy files. You need to add the Unrestricted Policy files to allow you to import the .PFX certificate into WebSphere Application Server.

Answer

Here are the steps to allow you to import the SSL certificate from .PFX into WebSphere Application Server.

Download the unrestricted policy files from the following Web site:

IBM developer kit: Security information.

http://www.ibm.com/developerworks/java/jdk/security/index.html

1. Click on the Java Versions you are currently running.

2. Click IBM SDK Policy files.

The Unrestricted JCE Policy files for SDK 5 Web site displays.

3. Click Sign in and provide your IBM.com ID and password.

4. Select Unrestricted JCE Policy files for SDK 5 and click Continue.

5. View the license and click 'I Agree' to continue.

6. Click Download Now.

7. Extract the unlimited jurisdiction policy files that are packaged in the ZIP file. The ZIP file contains a US_export_policy.jar file and a local_policy.jar file.

8. In your WebSphere Application Server installation, go to the $JAVA_HOME/jre/lib/security directory and back up your US_export_policy.jar and local_policy.jar files.

9. Replace your US_export_policy.jar and local_policy.jar files with the two files that you downloaded from the IBM.com Web site.

10. Restart WebSphere Application server

11. Navigate to WAS administrative console, click Security > SSL certificate and key management > Manage endpoint security configurations > Inbound > SSL_configuration_name. Under Related items, click Key stores and certificates > key store . Under Additional Properties, click Personal certificates > Import certificates from the .PFX file.

12. For Key File Name, type in the fully qualified path to the .PFX file that contains the certificate to import.

13. For Type, select PKCS12.

14. For Key File Password, enter the password you were provided to open the .PFX file with.

15. Click on the 'Get the key file aliases' button.

16. Select the certificate you want to import into a keystore file.

17. Apply and Save.

18. Restart WebSphere Application Server.

Attention: Fix packs that include updates to the Software Development Kit (SDK) might overwrite unrestricted policy files. Back up unrestricted policy files before you apply a fix pack and reapply these files after the fix pack is applied.

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF035","label":"z\/OS"},{"code":"PF033","label":"Windows"},{"code":"PF027","label":"Solaris"},{"code":"PF016","label":"Linux"},{"code":"PF012","label":"IBM i"},{"code":"PF010","label":"HP-UX"}],"Version":"8.0;7.0;6.1;6.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21577167

Page Feedback